Re: Question about XACE/X-SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

>> Hello,
>>
>> I just want to try functionalities X-SELinux, such as prohibiting cut and
>> paste.
>> Since the below changelog(URL) says X-SELinux functionalities are turned off
>> by default,
>> I think I need to turn on at first.
>> I appreciate someone tell me how to turn on.
>>> http://lwn.net/Articles/283539/
>>
>> I am using Fedora Core9, xorg-server-Xorg-1.4.99.902-3.20080612,
>> and GNOME( meaning just after FC9 and yum update).
>>
>> I thought X-SELinux functionalities are turned on by default in FC9,
>> so I tried the below steps.
>> 1) setsebool xserver_object_manager=true
>> 2) insert loadable module like below. because I was expecting
>> some avc logs were generated if I tried cut and paste.
>>
>>> policy_module(test, 1.0.0)
>>> gen_require(`
>>> attribute domain;
>>> class x_synthetic_event { send receive };
>>>')
>>>auditallow domain domain:x_synthetic_event {send receive};
>>
>> 3) setenforce 1
>> 4) reboot GNOME( init 3 and init 5)
>> 5) trying cut&paste from a window to others. No avclogs are found.
>> Only found "Loading extension SELinux" in /var/log/Xorg.0.org.
>>
>> I appreciate someone tell me what I am missing here.
>>
>> Regards,
>> K
>>
>>
>> Need cash? Click to get an emergency loan, bad credit ok
>>
>> _______________________________________________________________
>> Get the FREE email that has everyone talking at http://www.mail2world.com
>> Unlimited Email Storage – POP3 – Calendar – SMS – Translator – Much More!
>
>Add this to xorg.conf
>
>Section "Extensions"
>Option "SELinux" "Enable"
>EndSection
>
>Thr default enforcing state is Permissive.
>
>Add this to set Enforcing state in X
>
>Section "Module"
>SubSection "extmod"
>Option "SELinux Enforcing"
>EndSubSection
>EndSection
>
>Add this to have the X Enforcing mode track the system enforcing state
>
>Section "Module"
>SubSection "extmod"
>Option "SELinux TrackSystem"
>EndSubSection
>EndSection
>
>xdpyinfo will tell you if the SELinux extension is enabled.

It works! thanks!
.
Regards,
K


All is not lost! Click now for professional data recovery.

_______________________________________________________________
Get the FREE email that has everyone talking at http://www.mail2world.com
Unlimited Email Storage – POP3 – Calendar – SMS – Translator – Much More!

[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux